Module org.elasticsearch.security
Class NativeUsersStore
java.lang.Object
org.elasticsearch.xpack.security.authc.esnative.NativeUsersStore
NativeUsersStore is a store for users that reads from an Elasticsearch index. This store is responsible for fetching the full
User object, which includes the names of the roles assigned to the user.
No caching is done by this class, it is handled at a higher level and no polling for changes is done by this class. Modification operations make a best effort attempt to clear the cache on all nodes for the user that was modified.
-
Nested Class Summary
Nested ClassesModifier and TypeClassDescriptionstatic final recordResult record for every document matching a userstatic final recordTotal result for a Query User query -
Field Summary
Fields -
Constructor Summary
ConstructorsConstructorDescriptionNativeUsersStore(Settings settings, Client client, SecurityIndexManager securityIndex) -
Method Summary
Modifier and TypeMethodDescriptionvoidchangePassword(ChangePasswordRequest request, ActionListener<Void> listener) Async method to change the password of a native or reserved user.voidcreateElasticUser(char[] passwordHash, ActionListener<Void> listener) Asynchronous method to create the elastic superuser with the given password hash.voiddeleteUser(DeleteUserRequest deleteUserRequest, ActionListener<Boolean> listener) static StringgetIdForUser(String docType, String userName) Gets the document id for the given user and user type (reserved user or regular user).voidgetUser(String username, ActionListener<User> listener) Blocking version ofgetUserthat blocks until the User is returnedvoidgetUsers(String[] userNames, ActionListener<Collection<User>> listener) Retrieve a list of users, if userNames is null or empty, fetch all usersvoidputUser(PutUserRequest request, ActionListener<Boolean> listener) Asynchronous method to put a user.voidqueryUsers(SearchRequest searchRequest, ActionListener<NativeUsersStore.QueryUserResults> listener) voidsetEnabled(String username, boolean enabled, WriteRequest.RefreshPolicy refreshPolicy, ActionListener<Void> listener) Asynchronous method that will update the enabled flag of a user.
-
Field Details
-
USER_DOC_TYPE
- See Also:
-
RESERVED_USER_TYPE
- See Also:
-
USER_NOT_FOUND_MESSAGE
- See Also:
-
-
Constructor Details
-
NativeUsersStore
-
-
Method Details
-
getUser
Blocking version ofgetUserthat blocks until the User is returned -
getUsers
Retrieve a list of users, if userNames is null or empty, fetch all users -
queryUsers
public void queryUsers(SearchRequest searchRequest, ActionListener<NativeUsersStore.QueryUserResults> listener) -
changePassword
Async method to change the password of a native or reserved user. If a reserved user does not exist, the document will be created with a hash of the provided password. -
createElasticUser
Asynchronous method to create the elastic superuser with the given password hash. The cache for the user will be cleared after the document has been indexed. -
putUser
Asynchronous method to put a user. A put user request without a password hash is treated as an update and will fail with aValidationExceptionif the user does not exist. If a password hash is provided, then we issue a update request with an upsert document as well; the upsert document sets the enabled flag of the user to true but if the document already exists, this method will not modify the enabled value. -
setEnabled
public void setEnabled(String username, boolean enabled, WriteRequest.RefreshPolicy refreshPolicy, ActionListener<Void> listener) Asynchronous method that will update the enabled flag of a user. If the user is reserved and the document does not exist, a document will be created. If the user is not reserved, the user must exist otherwise the operation will fail. -
deleteUser
-
getIdForUser
Gets the document id for the given user and user type (reserved user or regular user).
-